Malicious Internet content is content on the Internet that, when accessed by a network device, behaves maliciously. For example, malicious Internet content may include malware that a malicious website attempts to install onto a network device. This malware may be configured, for example, to disrupt operation of the network device, gather personal information from the network device, or gain total access to the network device. The installation of malware from a malicious website may require some action on the part of the user of the network device. However, some malicious websites will attempt to automatically install malware on a network device without any action beyond the network device accessing the malicious website. To avoid being automatically impacted by simply accessing a website having malicious Internet content, one technique for dealing with malicious Internet content is to block network devices from accessing particular websites that are suspected of hiding malicious Internet content.
Unfortunately, however, malicious actors have become increasingly adept at hiding malicious Internet content. For example, malicious actors may hide malicious Internet content on compromised Domains, may randomly generate new Domains, or may randomly change URLs. Also, the scope of the malicious Internet content varies from one malicious actor to the next. As a result, sufficient direct evidence of malicious Internet content is not always available to effectively assess security risks and block a network device from accessing malicious Internet content, thereby putting network devices at risk from malicious Internet content.
The subject matter claimed herein is not limited to embodiments that solve any disadvantages or that operate only in environments such as those described above. Rather, this background is only provided to illustrate one example technology area where some embodiments described herein may be practiced.